Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors is affected by multiple OpenSSL vulnerabilities

Abstract A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Tivoli Netcool System Service Monitors/Application Service Monitors. Content VULNERABILITY DETAILS: CVE Ids: CVE-2013-0169 CVE-2013-0166 CVE-2012-2686 DESCRIPTION: IBM Tivoli Netcool System...

Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors is affected by multiple OpenSSL vulnerabilities

Abstract A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Tivoli Netcool System Service Monitors/Application Service Monitors. Content VULNERABILITY DETAILS: CVE Ids: CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108...

Security Bulletin: IBM Smart Analytics System 5710 is affected by vulnerabilities in OpenSSL (CVE-2013-0166, CVE-2013-0169)

Abstract The IBM Smart Analytics System 5710 is shipped with SUSE Linux Enterprise Server Edition operating system software. Two security vulnerabilities have been identified in the OpenSSL libraries that are part of the operating system software. See the references section for links to the...

Vulnerabilities fixed IBM Integration Bus and App Connect Enterprise

IBM has fixed vulnerabilities in the Node.js and OpenSSL components of the Integration Bus and App Connect Enterprise. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of...

SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2022:2308-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2308-1 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script...

SUSE-SU-2022:2306-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in crehash. bsc1200550 - CVE-2022-1292: Properly sanitise shell metacharacters in crehash script. bsc1199166 - CVE-2022-1343: Fixed incorrect signature verification in OCSPbasicverify...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to multiple openSSL vulnerabilities in Node.js (CVE-2022-1434, CVE-2022-1343, CVE-2022-1473)

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a man-in-the-middle attack, remote attacker bypassing security restrictions and denial of service due to openSSL vulnerabilities in Node.js CVE-2022-1434, CVE-2022-1343, CVE-2022-1473. IBM App Connect provides a fix/fix...

Security Bulletin: Power System Firmware is affected by openssl vulnerabilities(CVE-2013-4353, CVE -2013-6449)

Summary Power System Firmware is affected by openssl vulnerabilities. Vulnerability Details CVE ID: CVE-2013-4353 DESCRIPTION: A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A malicious server could use this flaw to crash a connecting client. This iss...

PT-2022-3301

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0.0 through 3.0.3 OpenSSL versions 1.1.1 through 1.1.1o OpenSSL versions 1.0.2 through 1.0.2ze Description The issue is related to improper encryption and potential buffer overflow, allowing a remote attacker to obtain...

USN-5402-2 openssl vulnerabilities

USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Elison Niven discovered that OpenSSL incorrectly handled the crehash script. A local attacker could possibly use this issue to execute arbitrary...

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-1649)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3...

Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to multiple OpenSSL vulnerabilities (CVE-2017-3738, CVE-2017-3737, CVE-2017-3736)

Summary IBM InfoSphere Master Data Management is vulnerable to multiple OpenSSL vulnerabilities that could cause the application to crash, an attacker to obtain information about the private key, or cause a denial of service. Vulnerability Details CVEID: CVE-2017-3738 DESCRIPTION: OpenSSL could...

Security Bulletin: IBM Initiate Master Data Service, IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2014-0160, CVE-2014-0076, CVE-2013-4353, CVE-2013-6449)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerabilit...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Master Data Management (CVE-2014-3571, CVE-2015-0206, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570 )

Summary SUMMARY: OpenSSL vulnerabilities were disclosed on January 8th, 2015 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Master Data Management. IBM InfoSphere Master Data Management has addressed the applicable CVEs provided by OpenSSL Vulnerability Details CVEID: CVE-2014-3570...

Security Bulletin: IBM Initiate Master Data Service, IBM InfoSphere Master Data Management are affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Switches and Directors.

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Cisco Switches and Directors has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0291 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By connecting to a...

OPENSUSE-SU-2022:0070-1 Security update for nodejs-electron

This update for nodejs-electron fixes the following issues: - Fix webpack-4 with OpenSSL 3.0 Update to version 16.0.9 https://github.com/electron/electron/releases/tag/v16.0.9 Update to version 16.0.8 https://github.com/electron/electron/releases/tag/v16.0.8 - Add devel package with node headers...

Security Bulletin: OpenSSL vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)

Summary Multiple OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control formerly Tivoli Storage Productivity Center, has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-1552 DESCRIPTION: OpenSSL has internal defaults for a directo...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Spectrum Control and Tivoli Storage Productivity Center. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVEs. Vulnerability Details CVEID:...

Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center) is affected by OpenSSL vulnerabilities (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738)

Summary OpenSSL vulnerabilities were disclosed August, November, and December 2017 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control formerly Tivoli Storage Productivity Center, has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3735 DESCRIPTION: OpenSSL could...